CyberNews Briefs

Leaky Access Tokens Exposed Amazon Photos of Users

According to new researcher, hackers who have obtained access to Amazon users’ authentication tokens could have taken the opportunity to steal or encrypt personal photos and document. Security researchers report that the Amazon Photos app for Android does not protect user access tokens properly. Due to the exposed tokens, attackers and malicious actors could access personal data belonging to the token holder through a number of different Amazon apps such as Amazon Drive. In addition, this offers attackers the ability to conduct a ransomware attack that could have effects such as permanently deleting photos and documents.

The findings were reported in the fall of last year to Amazon’s Vulnerability Research Program. In December, Amazon announced that the issues had been fully resolved. However, loose tokens still exist. Software suite vendors such as Amazon use access tokens to offer convenience to its users, but this may also present an opportunity for attackers.

Read More: Leaky Access Tokens Exposed Amazon Photos of Users

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.